Page 34 - Cyber Defense eMagazine for August 2021
When designing a product, you need to think beyond what you are building your product to do and
consider any use cases you might not have considered. For example, consider a server platform that is
embedded into an MRI machine in a hospital. A data center is a very different environment than a hospital
basement. You have to think holistically about your product and think through the security implications of
unintended use cases down the road. Hackers use this philosophy, using devices in completely
unexpected ways to uncover potential vulnerabilities. It’s hard to imagine all the potential use cases for
a particular device (or how bad actors might attack it), so you need to proactively think of security in
layers, and design in defense in depth so that no single exploit is likely to be successful.
2. What’s the first thing that needs to happen when creating a new product?
From an architecture standpoint, you have to think about how a device might come under attack. That
could include hardware, firmware, OS, application, and connectivity types of attacks. Using a ‘design for
security’ mindset, you must think about all these security attack scenarios because the weakest link
breaks the chain. For example, when thinking about making airplanes safe, designers build in
redundancy, so a single failure isn’t likely to cause a crash. But they also consider passenger safety and
how best to exit planes quickly. They have robust communications and procedures for what to do if
communications are down and many, many other aspects that comprise a safer airplane trip. This same
mindset exists in technology, with many security layers built into products from the beginning. An
adversary will avoid heavily protected elements of a product and look for the easiest way to break the
system.
This means threat modeling needs to be one of the first things to happen when building a product. You
can threat model everything from environmental factors and natural disasters to global geopolitics, or you
can narrow it down to something like a network or access to a system. It’s about guarding against bad
outcomes. Mature organizations often have teams of researchers dedicated to creating and evaluating
threat models.
3. How do you prioritize security when designing and developing a new product?
Once you get into actual design and development, you want to be able to catch known security threats.
That process is part of the Secure Development Lifecycle or SDL. SDL is a series of processes that
implement security principles and privacy tenets into product development to help support engineers,
developers, and researchers. These processes incorporate security-minded engineering and testing at
the onset of product development when it’s more effective and efficient to employ. Not only does it include
knowledge sharing, but also tools and services that, for example, allow someone to run checks against
code. You can imagine the number of checks over time becomes massive, so you need a process that’s
efficient and scales to help teams better ensure they catch security vulnerabilities.
Automation plays a vital role here. This involves using tools that embed these checks and automate the
process so designers can run a multitude of complex security checks with a click of a button. Our teams
are constantly working to stay ahead of attackers by trying to find these issues and vulnerabilities before
an attacker can exploit them. Beyond the SDL, other initiatives play a major role around security, including
training, conferences, Product Security Incident Response Teams (or PSIRTs), bug bounty programs,
offensive and defensive research, and industry collaboration.
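As an added illustration of the automated, scalable code checks described above (this is example code written for this page, not a tool of the interviewee's organization or of the magazine), the following Python sketch runs a small set of pattern-based security checks over source text and turns the result into a pass/fail gate of the kind a build pipeline would enforce. The check list, the `Finding` type and the sample source are all constructed for the example; a real SDL toolchain would use a proper static analyzer with a far larger ruleset.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One hit from a check: which rule fired, where, and why it matters."""
    check_id: str
    line: int
    message: str


# Each check is (id, compiled regex, remediation message).
# These are constructed, illustrative rules for a few well-known weak
# patterns, not a complete or authoritative ruleset.
CHECKS = [
    ("HARDCODED_SECRET",
     re.compile(r"""(?i)\b(password|secret|api_key)\s*=\s*['"][^'"]+['"]"""),
     "credential literal in source; load it from a secret store instead"),
    ("WEAK_HASH",
     re.compile(r"\bhashlib\.(md5|sha1)\s*\("),
     "MD5/SHA-1 are not collision resistant; use SHA-256 or a password KDF"),
    ("DYNAMIC_EVAL",
     re.compile(r"\b(eval|exec)\s*\("),
     "eval/exec on runtime data allows code injection"),
    ("SHELL_TRUE",
     re.compile(r"subprocess\.\w+\([^)]*shell\s*=\s*True"),
     "shell=True with untrusted arguments allows command injection"),
]


def run_checks(source: str) -> list[Finding]:
    """Apply every check to every non-comment line and collect findings."""
    findings = []
    for lineno, text in enumerate(source.splitlines(), start=1):
        if text.strip().startswith("#"):
            continue  # comment-only lines would otherwise produce noise
        for check_id, pattern, message in CHECKS:
            if pattern.search(text):
                findings.append(Finding(check_id, lineno, message))
    return findings


def gate(source: str, max_findings: int = 0) -> bool:
    """Pipeline gate: True when the source has no more findings than allowed."""
    return len(run_checks(source)) <= max_findings


# Constructed sample input containing three of the four weak patterns.
SAMPLE_SOURCE = '''import hashlib, subprocess
API_KEY = "constructed-example-not-a-real-key"
def digest(data):
    return hashlib.md5(data).hexdigest()
def list_dir(path):
    return subprocess.check_output("ls " + path, shell=True)
def safe_digest(data):
    return hashlib.sha256(data).hexdigest()
'''

if __name__ == "__main__":
    for f in run_checks(SAMPLE_SOURCE):
        print(f"line {f.line}: [{f.check_id}] {f.message}")
    print("gate passed" if gate(SAMPLE_SOURCE) else "gate failed")
```

The point of the design is the separation the interview describes: the rules live in one table that security researchers maintain and extend, while developers only ever call `gate()` from the build, so adding the next check does not change how any team runs them.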
Copyright © 2021, Cyber Defense Magazine. All rights reserved worldwide.